General

  • Target

    64d23d2c0284efd48e19cc4f73d5066c

  • Size

    629KB

  • Sample

    240118-jbd5asfafp

  • MD5

    64d23d2c0284efd48e19cc4f73d5066c

  • SHA1

    1cd4826af2402de45ca42ec4b131bb54f5dcc96a

  • SHA256

    295af57bf8cf7f6064c050254187ad87ea601143eac3a773e07fc2cbcb59be48

  • SHA512

    2d9a7bac4393107380ca398f8c3b0f75d9e9124c7dfd74327d2fcbb4028d66ffb23b37ee872a7aedbeb8bddc2144038c2e78805bf4c385d8c944c4267e0c6322

  • SSDEEP

    12288:ed4qnJQ+KBoezbjt5+1ogu/kJXCFW8ljotN0UPrmTMEvWfKDXTT:dBT/+1ogu/koI8aiKrmTMKhT

Malware Config

Extracted

Family

oski

C2

hikark.xyz

Targets

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks